CVE-2007-5378 – Tk GIF processing buffer overflow

https://notcve.org/view.php?id=CVE-2007-5378

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137. Desbordamiento de búfer en la función FileReadGIF de tkImgGIF.c para Tk Toolkit 8.4.12 y anteriores, y 8.3.5 y anteriores, permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (violación de segmento) mediante un GIF animado en el cual la primera sub-imagen es más pequeña que una sub-imagen subsiguiente, lo cual dispara el desbordamiento en la función REadImage, una vulnerabilidad diferente de CVE-2007-5137. • http://secunia.com/advisories/27207 http://secunia.com/advisories/27295 http://secunia.com/advisories/27801 http://secunia.com/advisories/27806 http://secunia.com/advisories/29070 http://secunia.com/advisories/30129 http://secunia.com/advisories/30535 http://secunia.com/advisories/34297 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 http://www.attrition.org/pipermail/vim/2007-October/001826.html http://www.debian.org/security/2007/dsa-1415 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •